45 posts categorized "Identity Theft"

24 March 2016

During this exciting time of technological advancements, when there is an app for every facet of our lives, from letting you know the right time to take a bathroom break during a movie to how to build a space shuttle, why am I continually disappointed? We have become a generation addicted to our apps and having the latest and greatest technologies, but that comes with a steep price. We have to continually ask ourselves with every purchase and click, what is my data and privacy worth if and when it is leaked, breached or stolen? George Santayana wrote: “Those who...
28 August 2014

Continuous monitoring is the key to thwarting these types of breaches. With cyberattacks becoming commonplace in every sector, companies must continuously protect their most valuable information. Cyber guns fire at us all the time, but the notion of catching and stopping every cybercriminal simply isn’t realistic in today’s burgeoning threat environment. I liken it to aspiring to completely eliminate common street crime. It’s just not realistic. Flaws will always exist, even within the most ideal protective structures. Every company should assume they’ll be breached, and focus efforts on minimizing damage once cybercriminals get in. The need for qualified cybersecurity professionals...
28 February 2014

With security breaches dominating news headlines daily, those responsible for securing our systems, networks, and devices are struggling to keep pace with the evolving threat landscape. Perhaps some of the most concerning potential breach data comes from the healthcare industry where we entrust our most personal information—social security number, birth date, medical history—as well as our immediate family members’ sensitive information to medical care providers. Further, medical devices rely on secure IT networks to function properly and deliver continuous, critical care to patients with heart conditions, diabetes, and other ailments. In the event of a security breach, the malfunction of...
16 October 2012

With National Cyber Security Awareness Month in full stride, parents are realizing the vulnerability of their children and the necessity for cyber safety education. Although numerous types of cybercrime are being discussed this month, I’d like to examine two areas that have an increasing incidence rate and lack of parent awareness: child identity theft and the prevalence of online predators. While malware, phishing and hacking are key buzz words in today’s headlines, identity theft should be top-of-mind, given its swift and detrimental repercussions. Once a child’s identity is stolen, it often takes less than 24 hours for changes to be...
17 August 2011

It has happened to me before, it will surely happen to me again. No matter how vigilant I am in protecting my credit card information, someone, somewhere, will somehow gain access to my credit card information and run up charges on my account. It is another form of identity theft. They are pretending to be me as they enjoy the fruits of my credit history (as meager as that might be) and adding to my debt load. To be certain, depending on the card, I won’t be held responsible for fraudulent charges. The legal limit is $50 if I regularly...
17 June 2011

One of the best ways to combat identity theft is through the consistent monitoring of your credit report. Over the years, your credit report was a closely-guarded secret of the 3 major credit reporting agencies (Experian, TransUnion, and Equifax). You had to pay a fee to see your report and your rights were very limited as to what you could do about your report. However, Congress recognized several years ago that this did nothing but perpetuate identity theft and even hinder an individual’s ability to establish good credit. Today, you can request a credit report annually to monitor your history...
09 June 2011

There doesn’t seem to be much doubt anymore that identity theft is the fastest growing crime ANYWHERE. If you aren’t a victim of it yet, you know someone who has been. Give it enough time and you will be too. It just depends on how proactive you are as to how much of a victim you will be. Just as you take precautions to avoid being the victim of a violent crime – parking in a well-lit area, making sure your doors are locked, paying attention to your surroundings – you can take precautions to minimize, or avoid altogether, the...
30 March 2011

Most of you have heard about the breach at RSA, in which SecurID token authentication implementation data was stolen. In case you have not heard about it, click on the following link before you continue reading. http://news.cnet.com/8301-27080_3-20044775-245.html As we, as Security Professionals, must design and implement identity management and authentication policies as part of our job, I believe that now many of us need to rethink our proposed solutions. Our main objective should be: How to create a more resilient authentication framework? First of all... We need to realize and accept three facts: 1) Any authentication system that is 100%...

21 August 2010

Some great high-resolution shots of human irises. The detail here shows why iris scanning can be used as a distinguishing biometric. Of course, posting high-resolution shots of your biometrics on a Website can be a great way to compromise your biometrics ...
05 May 2010

An interesting paper looking at the risks, risk management, and legal economics of breaches of privacy. Much of the material is fairly standard, but it also looks at different types of controls (such as preventative and recovery) in regard to data breaches, disclosure laws, and standards such as PCI DSS. Valuation of assets is also a factor. (Free download, as of this posting.)
21 March 2010

The Anti-Phishing Working Group has asked its members to publicize the forthcoming Counter eCrime Operations Summit (CeCOS) in Brazil. I've already blogged this in quite a few other places, but given the impact of phishing and identity theft on the online community, it seems reasonable to assume that the Summit will be of interest to (ISC)2 members and readers of this blog, so I'm addressing it again here. Apologies to those who will have come across it elsewhere. This year the APWG is hosting its fourth annual Counter eCrime Operations Summit (CeCOS IV) on May 11, 12 & 13 in...

11 March 2010

This module from the UK's OpenLearning/LearningSpace centre is a fairly basic online safety piece. It concentrates on malware, and has numerous minor errors in terminology and definitions, but is reasonable for the general public.
17 November 2009

The Open Security Foundation's (OSF) DataLossDB project is an interesting resource for information about data and confidentiality breaches. At a glance, it gives you news, latest breaches, a timeline of breach numbers, a "top ten" list, and other references you can use in security awareness materials, or for risk analysis.
16 November 2009

Amusing video from the BBC. A report on pigs managing to figure out how to get more food from an automated control system. If even pigs can (accidentally) figure out how to defeat access controls, what do you have to do to prevent determined attackers? (Actually, pigs are pretty clever critters ...)
About the (ISC)² Blog

As the certifying body for more than 125,000 cyber, information, software and infrastructure security professionals worldwide, (ISC)² believes in the importance of open dialogue and collaboration. (ISC)² established this blog to provide a voice to certified members, who have significant knowledge and valuable insights that can benefit other security professionals and the public at large.

The (ISC)² blog gives members a forum to exchange ideas and inspires a safe and secure cyber world by supporting the advancement of the information security workforce via a public exchange with a broad range of information security topics.

Whether an (ISC)² member chooses to participate in the (ISC)² blog is his or her own decision. The postings on this site are the author's own and don't necessarily represent (ISC)²'s positions, strategies or opinions. (ISC)² monitors the blog in accordance with the (ISC)² Blog Guidelines, but the bloggers are responsible for their own content – common sense and intelligence should prevail.

Other than links to the (ISC)² website, (ISC)² does not control or endorse any links to products or services provided in this blog and makes no warranty regarding the content on any other linked website.

Those who post comments to (ISC)² blogs should ensure their comments are focused on relevant topics that relate to the specific blog being discussed. (ISC)² reserves the right to remove any post or comment from this site. Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org